Protecting Federal Facilities Remains A Challenge

The Federal Protective Service continues to face challenges ensuring that contract guards have been properly trained and certified before being deployed to federal facilities around the country. In September 2013, for example, GAO reported that providing training for active shooter scenarios and screening access to federal facilities poses a challenge for FPS. According to officials at five guard companies, their contract guards have not received training on how to respond during incidents involving an active shooter. Without ensuring that all guards receive training on how to respond to active-shooter incidents at federal facilities, FPS has limited assurance that its guards are prepared for this threat. Similarly, an official from one of FPS’s contract guard companies stated that 133 (about 38 percent) of its approximately 350 guards have never received screener training. As a result, guards deployed to federal facilities may be using x-ray and magnetometer equipment that they are not qualified to use raising questions about their ability to fulfill a primary responsibility of screening access control points at federal facilities. GAO was unable to determine the extent to which FPS’s guards have received active-shooter response and screener training, in part, because FPS lacks a comprehensive and reliable system for guard oversight. GAO also found that FPS continues to lack effective management controls to ensure its guards have met its training and certification requirements. For instance, although FPS agreed with GAO’s 2012 recommendations that it develop a comprehensive and reliable system for managing information on guards’ training, certifications, and qualifications, it still does not have such a system. Additionally, 23 percent of the 276 contract guard files GAO reviewed did not have required training and certification documentation. For example, some files were missing items such as documentation of screener training, CPR certifications, and firearms qualifications.

Assessing risk at federal facilities remains a challenge for FPS. GAO found in 2012 that federal agencies pay FPS millions of dollars to assess risk at their facilities, but FPS is not assessing risks in a manner consistent with federal standards. In March 2014, GAO found that this is still a challenge for FPS and several other agencies. The Interagency Security Committee’s (ISC) Risk Management Process for Federal Facilities standard requires federal agencies to develop risk assessment methodologies that, among other things, assess the threat, vulnerability, and consequence to undesirable events. Risk assessments help decision-makers identify and evaluate security risks and implement protective measures. Instead of conducting risk assessments, FPS uses an interim vulnerability assessment tool, referred to as the Modified Infrastructure Survey Tool (MIST) to assess federal facilities until it develops a longer-term solution. However, MIST does not assess consequence (the level, duration, and nature of potential loss resulting from an undesirable event). Three of the four risk assessment experts GAO spoke with generally agreed that a tool that does not estimate consequences does not allow an agency to fully assess risks. Thus, FPS has limited knowledge of the risks facing about 9,600 federal facilities around the country. FPS officials stated that consequence information in MIST was not part of the original design, but they are exploring ways to incorporate it.